As one of the world’s largest insurance companies, Liberty Mutual understands that the applications it builds define its success. It relies on modern technology to provide fast and accurate insurance information and products to its customers and partners.
Getting these applications to market quickly is critical, and to do this, Liberty Mutual is ahead of many of its industry peers. Adopting the cloud, Continuous Integration / Continuous Delivery (CI/CD) pipelines, and MongoDB Atlas enables its development teams to move fast by fully automating deployment and management programmatically with code.
At our recent MongoDB .Live community conference, Liberty Mutual’s Infrastructure Engineer Brian Poirier and Architect Brian Jones (@brianjonesIT) delivered a great session where they talked about their journey to the cloud and their deployment pipeline, and ran a demo showing how all of the pieces fit together. Watching their talk is a great 30-minute investment of your time!
At the heart of Liberty Mutual’s application estate is MongoDB, providing the development teams with a distributed, scalable, and reliable platform on which they can rapidly build new applications.
Liberty Mutual started out with MongoDB in their own data centers a few years ago. Today the hosting team is responsible for running over 700 MongoDB clusters powering a whole range of client-facing and internal services, using Ops Manager for provisioning and administration.
The standard MongoDB build consists of a 3-node replica set. Any configuration that varies from that build requires the hosting team to customize their tooling – an approach that doesn’t scale as developers want to build more services on top of MongoDB.
Ascending to the Cloud
As the company started moving new applications to the cloud, the hosting team began to take advantage of more automation tools. They adopted AWS CloudFormation to codify templates that packaged MongoDB replica sets and AMIs onto EC2 instances, and HashiCorp Vault for database user management.
This was a great start at moving to Infrastructure as Code (IaC) pipelines, but it was all explicitly tied to AWS. The development teams wanted more freedom to adopt a multi-cloud strategy, selecting whichever platform they needed to meet specific application requirements.
“One drawback to MongoDB on EC2 is the fact that EC2 is a service provided by only one cloud provider. Though a fantastic cloud platform, we understand that it might not meet the needs of all our customers’ use cases,” says Poirier.
Cruising with Managed Database Services & CI/CD Pipelines
With the launch of MongoDB Atlas, the hosting services team saw an opportunity to further automate operations and keep pace with growing MongoDB demand coming from the company’s developers.
Beyond being fully managed and automated, MongoDB Atlas offered several big drivers that appealed to Liberty Mutual:
- The ability to more easily exploit the power of MongoDB’s native sharding to distribute and scale huge workloads.
- Availability on AWS, Azure, and Google Cloud, providing the cloud freedom the developers craved while the hosting team avoided the need to manage separate code repositories for each platform.
- Certification with the regulatory standards needed for financial applications, including PCI-DSS, HIPAA, SOC, ISO 27001, and GDPR.
- Integrations with a comprehensive range of tools via programmatic API keys.
A lot of the building blocks for those needed integrations were there, but not the full suite of tools needed for completely automated CI/CD pipelines. “We do not have the capacity to dedicate DBAs to sit in front of the console all day and manage Atlas,” notes Poirier. “We want development teams to be able to deploy and manage Atlas through our existing pipelines.”
And so the Liberty Mutual hosting team partnered with MongoDB’s product management, engineering, and consulting organizations to shape a full suite of services that has grown to include:
- The HashiCorp Terraform MongoDB Atlas Provider to standardize and automate database deployments on any leading cloud provider.
- The HashiCorp Vault Secrets Engines for MongoDB Atlas for automated database secrets management.
- Private endpoints in MongoDB Atlas for non-transitive, uni-directional connections from Liberty Mutual VPCs to Atlas VPCs using AWS PrivateLink.
- Customer key management for encryption at rest using AWS KMS.
“When using our own KMS keys from AWS, Atlas automatically rotates master keys every 90 days, without the need to have data files rewritten. Essentially, data is encrypted using our own AWS CMK that we manage, prior to the data being encrypted a second time, when written to the MongoDB encrypted storage engine.” - Brian Poirier
The Results, and Learning More
As a result of working together with MongoDB, Liberty Mutual’s development teams can now securely deploy and manage their MongoDB Atlas clusters through fully automated CI/CD pipelines. The team is also looking forward to upcoming features that can accelerate development on MongoDB even further, such as role-based mappings for group directories as part of the SSO federation management capabilities for MongoDB Atlas.
You can try MongoDB Atlas out yourself at no cost by registering for an account today.